[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#558784: Isn't this a security problem?

I would consider this to be a critical issue as it could become a security

Let's assume an archive key is compromised. As an admin reading this on
some information channel (irc, twitter, lwn.net, whatever) I would just
remove the key as shown by Tollef.

Only by reading this bug report I do know now that this plainly would not
work. Instead apt-key will reenable this key given any chance.

That sound to me like reenabling a root account or password authentication
for ssh style, something that should be up to the admin to decide. Having
a system override such a decision against me as the admin sounds like a
nightmare to me, something I would not accept from a trusted Debian system.

So, does this bug still apply?

Greetings, Torsten

Reply to: